Abstract: A method and apparatus are disclosed that seek to improve the quality of service that is experienced during the transmission of a stream of packets across one or more paths. In particular, a transmitting node encodes a source stream of data (e.g., audio, video, etc.) into one or more sub-streams, and distributes those sub-streams onto multiple network transmission paths. In accordance with the illustrative embodiment of the present invention, the transmitting node evaluates the quality of service of a first network path that fails to provide a quality-of-service guarantee. When the quality of service of the first network path becomes unsatisfactory, the coding of one or more sub-streams that are being transmitted on a second network path is adjusted. In other words, the coding on a second channel is adjusted in response to the changing conditions on a first channel.

Abstract: A technique is disclosed that evaluates a network path between (i) a first node in a first subnetwork of endpoint nodes, such as IP phones, and (ii) a second node in a second subnetwork. A “ricochet” node in the network path evaluates the path by probing one or both subnetworks, where the ricochet node acts as relay for traffic packets being transmitted between the two subnetworks. A given relay has only to probe a single, representative node within a subnetwork at any given time in order to obtain performance data that is representative of the subnetwork overall. By probing the representative node, the relay is able to acquire an assessment of network conditions that is valid for the path between the relay and any endpoint in the subnetwork. As a result, the disclosed technique reduces the probing overhead when many endpoint nodes on a given subnetwork are simultaneously active and experiencing adverse network conditions.

Abstract: A method and an apparatus are disclosed that provide a privilege-granting technique for enabling a service-providing domain to grant a privilege to a requesting user in a service-requesting domain. A request handler in the service-providing domain, which comprises one or more service-associated resources, receives a user request to use a service and requests a token from a privilege-granting server, in accordance with the illustrative embodiment of the present invention. Upon receiving the token that specifies a granted privilege from the privilege-granting server, the request handler extends the privilege to the requesting user. Alternatively, the request handler can request a plurality of tokens in advance from the privilege-granting server; after receiving the tokens, the request handler extends a privilege to each requesting user as the handler receives requests to use one or more services.

Abstract: Methods and apparatus are provided for estimating a location of a plurality of wireless terminals. Signal strength measurements are obtained for at least one packet transmitted by each of the wireless terminals; and a Bayesian algorithm is applied to the signal strength measurements to estimate the location of each wireless terminal. In an infrastructure-based deployment, signal strength measurements are obtained from one or more signal monitors. In a client-based model, signal strength measurements are obtained from a client associated with a respective wireless terminal.

Abstract: A method for providing priority access to 802.11 endpoints. The method includes the steps of sending a Clear To Send (CTS) frame from a designated station, without requiring a Request to Send (RTS) frame from a first station. The CTS frame includes a field identifying the first station for commencing transmission, and a field indicating a duration of transmission. A deferring step is also performed for deferring any transmissions of stations other than the first station until after the duration indicated in the CTS frame has passed.

Abstract: A contention-based network which allows real-time traffic to be assembled into multiple linked-list chains. A time separation is enforced between the various multiple chains, which are limited to a predetermined maximum number of stations that each can have in order to allow non-real-time stations to obtain timely access to the medium. Ones of the multiple chains may also be joined into a single chain. Blackburst contention is used to enable a chain to be reconstituted robustly from non-anticipated interruptions, such as the failure of one of its stations.

Abstract: A method and apparatus are provided for network security based on a security status of a device. A security update status of a device is evaluated; and one or more of a plurality of security policies are selected to apply to the device based on the security update status. The available security philosophies may include, for example, a “protect the good” philosophy, an “encourage the busy” philosophy and a “shut off the non-compliant” philosophy. The security update status can evaluate, for example, a version level of one or more security features installed on the device or can be based on a flag indicating whether the device satisfies predefined criteria for maintaining one or more computer security protection features up-to-date.

Abstract: A method and apparatus are provided for obtaining a signal strength model for an access point at an arbitrary location, q, at a site. Signal strength measurements are obtained for each of n sampling points; the signal strength received at the arbitrary location, q, is computed from each of said sampling points (for example, using reciprocity principles); signal strength estimates corresponding to the signal received at the sampling points from the arbitrary location are computed; and a signal strength model is determined for an access point positioned at the arbitrary location, q.

Abstract: A system is disclosed that enables the estimation of the location of a wireless terminal in a wireless network. The illustrative embodiment works without requiring modifications to be made to the wireless terminal. Furthermore, the hardware of some embodiments of the present invention can be inexpensively deployed indoors. Some embodiments of the present invention are, therefore, ideally suited for use with legacy indoor systems. The system of the illustrative embodiment of the present invention, in some embodiments, uses an offline process and an online process for location estimation. The described system, however, can be used with other techniques for location estimation.

Abstract: A method and apparatus are disclosed for estimating the location of a wireless terminal across multiple building floors. The illustrative embodiment determines the floor where the wireless terminal is presently located by using a majority logic-based heuristic. A plurality of signal monitors measure signals from the wireless terminal and provide those signal strength measurements to a location estimation server. Alternatively, the wireless terminal measures signals that are transmitted by a plurality of transmitting signal devices and provides those signal strength measurements to a location estimation server. The location estimation server determines the floor of the wireless terminal in accordance with the illustrative embodiment of the present invention.

Abstract: A technique is disclosed for detecting hidden wireless routers that constitute security threats in telecommunications networks that comprise a wireless network portion and a wireline network portion. In accordance with the illustrative embodiment of the invention, a test station is used in the wireless portion of a network to detect the presence of a hidden wireless router. Furthermore, in some embodiments, a test server is used in the wireline portion of the network in order to detect packets that are illegitimately routed from the wireless portion to the wireline portion of the network through the hidden wireless router.